some minor suggestions

Norman Feske norman.feske at ...1...
Mon Jan 2 13:33:24 CET 2012

Hello Ross,

thanks for your nice wishes and for the very helpful suggestions!

> I've been away from the computer for a while and am starting to get
> back into programming. I'm keen focus on a couple of small personal
> Genode projects I've wanted to do for a some time. I've a few
> questions and suggestions to help build the Genode community from the
> perspective of a hobby programmer like me:
> 1) could you supply a logo to display on web-pages for linking back
> to the Genode web-site.

Of course. I guess you are thinking about a small banner, e.g, sized at
160x60 pixels? We are currently reworking our website and will add such
a logo to the new site.

> 2) As-far-as I can see there is there no place on the Genode site for
> listing 3rd party associated projects- do you plan in the future to
> offer something like this?

Currently this section is missing for the mere reason that we are not
aware of such projects. Of course, we hope that this will change soon
and will be more than happy to add such a section. BTW, if you have
information to share about what you are doing, please don't hesitate to
post it here.

> 3) I would like to make a small donation to this project- could you
> provide a bitcoin address? (It does give one a nice warm fuzzy
> feeling knowing that you've helped a project that you use)

Admittedly, we haven't though about this yet. Good idea.

> 4) Is it planned for Genode support secure booting and attestation in
> the future? Secure boot + local object-cap OS + web lends itself to
> many interesting project possibilies: eg- p2p social networking where
> the user has true control over their own personal info, or a fast and
> efficient p2p digital currency, etc. (I believe that there are
> drivers for the intel TPM chips in Linux--maybe these could help?)

I agree that the TPM driver itself should not be a big deal. But I think
that combining Genode with authenticated booting is more far reaching
than that:

For several years we are spinning some ideas in the back of our heads
about this topic. Apparently, Genode's hierarchy of processes fits
extremely well with authenticated booting (much better than current
commodity OS architectures). In principle, we could enable each process
to produce an attest of itself and its individual TCB by slightly
enhancing the parent protocol. When called for an attest, the parent
would produce an attest for itself (by calling its parent), the calling
child, and eventually other children whose services are used by child.
The attestation would work recursively down the tree until it ends at
the root (of trust). Consequently the measured TCB is specific for each
individual application. It comprises the set of processes involved in
the chain of parents and those implementing the sessions used by the
applications. By measuring the TCB this way (in contrast to tying the
TCB to one particular version of a monolithic kernel), the attest would
provide information that is actually meaningful to a remote party.

I think that this could make TPMs useful for general-purpose computing
in positive ways (in contrast to their typically attributed purpose of
locking down computers).

However, as I said, even though we have this idea in mind for a while
now, we haven't had the time to put it into practice yet. If you are
interested in working on it, I would be delighted to lend a helping hand.

Thanks again, and all the best for 2012!


Dr.-Ing. Norman Feske
Genode Labs ·

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth

More information about the users mailing list